
comrademp
Members
Posts: 23
Joined
Last visited
Reputation: 0 Neutral
  1. Going with what I wrote in my other thread: Hi. The problem started on Sept. 12; I updated my free Avira and it was all good. It was late on the 12th but the update date read Sept. 11; I thought nothing of it. Went to update on the 13th, and all I would get back throughout the day was that I already had up-to-date protection. OK, then on the 14th I didn't get any updates; it would go on and on. Thought maybe it's just a lot of traffic to the servers. Today I tried once again to update, it drags on and on, and now it seems I can't even connect to any Avira website (free-AV, Avira forums, etc.) and for some reason can't get to the Comodo forum website either. When I try visiting these sites, all I get is the connection timed out message. Any thoughts as to what's going on? I've run Avira, updated MBAM, Spybot and all came back clean. I can visit other AV websites, but not Avira or Comodo. About a day or two before I stopped being able to update/connect to Avira, I had downloaded a VDF to do a manual update, but it said I was up to date. I kept MBAM, ThreatFire, Spybot and scanned but nothing turns up, even did a scan with MBAM in safe mode with networking. Any help would be appreciated.

     MBAM log in safe mode with networking:
     Malwarebytes' Anti-Malware 1.41
     Database version: 2804
     Windows 5.1.2600 Service Pack 3 (Safe Mode)
     9/15/2009 1:11:27 PM
     mbam-log-2009-09-15 (13-11-27).txt
     Scan type: Quick Scan
     Objects scanned: 97410
     Time elapsed: 2 minute(s), 56 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     MBAM log in Normal Mode:
     Malwarebytes' Anti-Malware 1.41
     Database version: 2818
     Windows 5.1.2600 Service Pack 3
     9/17/2009 4:57:28 PM
     mbam-log-2009-09-17 (16-57-27).txt
     Scan type: Full Scan (C:\|F:\|G:\|)
     Objects scanned: 178087
     Time elapsed: 59 minute(s), 7 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     HJT:
     Logfile of Trend Micro HijackThis v2.0.2
     Scan saved at 5:03:44 PM, on 9/17/2009
     Platform: Windows XP SP3 (WinNT 5.01.2600)
     MSIE: Internet Explorer v8.00 (8.00.6001.18702)
     Boot mode: Normal

     Running processes:
     C:\WINDOWS\System32\smss.exe
     C:\WINDOWS\system32\winlogon.exe
     C:\WINDOWS\system32\services.exe
     C:\WINDOWS\system32\lsass.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\system32\svchost.exe
     C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     C:\WINDOWS\system32\svchost.exe
     C:\WINDOWS\system32\spoolsv.exe
     C:\Program Files\Avira\AntiVir Desktop\sched.exe
     C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     C:\Program Files\Bonjour\mDNSResponder.exe
     C:\WINDOWS\eHome\ehRecvr.exe
     C:\WINDOWS\eHome\ehSched.exe
     C:\WINDOWS\system32\Tablet.exe
     C:\Program Files\ThreatFire\TFService.exe
     C:\WINDOWS\system32\dllhost.exe
     C:\WINDOWS\system32\Ati2evxx.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\ehome\ehtray.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
     C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
     C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
     C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
     C:\Program Files\ThreatFire\TFTray.exe
     C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
     C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\WINDOWS\eHome\ehmsas.exe
     C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
     C:\WINDOWS\system32\Wtablet\TabUserW.exe
     C:\WINDOWS\system32\wbem\unsecapp.exe
     C:\DOCUME~1\NAKAMA~1\LOCALS~1\Temp\RtkBtMnt.exe
     C:\WINDOWS\system32\wbem\wmiapsrv.exe
     C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
     C:\Program Files\Mozilla Firefox\firefox.exe
     C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/def.../search/ie.html
     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
     R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
     R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
     O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
     O2 - BHO: QFX Software KeyScrambler - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
     O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
     O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
     O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
     O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
     O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
     O4 - HKLM\..\Run: [skyTel] SkyTel.EXE
     O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
     O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
     O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
     O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
     O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
     O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
     O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
     O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
     O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
     O4 - HKLM\..\Run: [boot] C:\Acer\Empowering Technology\ePower\Boot.exe
     O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
     O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
     O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
     O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
     O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
     O4 - Global Startup: Acer Empowering Technology.lnk = ?
     O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
     O9 - Extra button: (no name) - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
     O9 - Extra 'Tools' menuitem: &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
     O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
     O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
     O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
     O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1242772409055
     O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1247018090906
     O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
     O17 - HKLM\System\CCS\Services\Tcpip\..\{1E34764E-37B7-43BE-9338-6056E6E21E81}: NameServer = 156.154.70.22,156.154.71.22
     O17 - HKLM\System\CCS\Services\Tcpip\..\{3BC35CDA-BF50-4A72-9C0B-BA1DF961B853}: NameServer = 156.154.70.22,156.154.71.22
     O17 - HKLM\System\CS1\Services\Tcpip\..\{1E34764E-37B7-43BE-9338-6056E6E21E81}: NameServer = 156.154.70.22,156.154.71.22
     O17 - HKLM\System\CS2\Services\Tcpip\..\{1E34764E-37B7-43BE-9338-6056E6E21E81}: NameServer = 156.154.70.22,156.154.71.22
     O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
     O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
     O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
     O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
     O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
     O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
     O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
     O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
     O23 - Service: eLock Service (eLockService) - - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
     O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
     O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
     O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
     O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
     O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe

     -- End of file - 9114 bytes
  2. I set up my permissions back when I first installed Comodo and Avira, so I don't think that's the problem. Just keep getting these: The connection has timed out. The server at forums.comodo.com is taking too long to respond. The connection has timed out. The server at forum.avira.com is taking too long to respond. The Avira updater keeps going and going but nothing much happens. About a day or two before I stopped being able to update/connect to Avira, I had downloaded a VDF to do a manual update, but it said I was up to date. I kept MBAM, ThreatFire, Spybot and scanned but nothing turns up, even did a scan with MBAM in safe mode with networking. I'm thinking an HJT might be in order.
  3. Hi. The problem started on Sept. 12; I updated my free Avira and it was all good. It was late on the 12th but the update date read Sept. 11; I thought nothing of it. Went to update on the 13th, and all I would get back throughout the day was that I already had up-to-date protection. OK, then on the 14th I didn't get any updates; it would go on and on. Thought maybe it's just a lot of traffic to the servers. Today I tried once again to update, it drags on and on, and now it seems I can't even connect to any Avira website (free-AV, Avira forums, etc.) and for some reason can't get to the Comodo forum website either. When I try visiting these sites, all I get is the connection timed out message. Any thoughts as to what's going on? I've run Avira, updated MBAM, Spybot and all came back clean. I can visit other AV websites, but not Avira or Comodo. Any help would be appreciated.
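The symptom in posts 1 to 3 (only the AV vendor sites time out, the rest of the web works, every scanner says clean) has one check a responder runs before anything else: the hosts file. Malware that wants to stop updates commonly adds entries there pointing vendor domains at 127.0.0.1, 0.0.0.0 or a foreign address, and a sinkholed entry produces exactly a "connection timed out" in the browser. The script below is an added example written for this page, not from the thread, and it does not claim this is what happened on the poster's machine (a firewall rule, which the poster also mentions, or the configured resolvers are the next things to check). The hosts content is constructed; `forums.comodo.com` and `forum.avira.com` are the two hosts the posts name, the other watched domains and the `dl.`/`www.` names are assumptions.

```python
"""Scan a Windows hosts file for entries that override security-vendor domains.

Added example for this page, not from the thread and not a diagnosis of the
poster's machine. The hosts text below is constructed; only the first two watched
domains come from the posts.
"""
import ipaddress

XP_HOSTS_PATH = r"C:\WINDOWS\system32\drivers\etc\hosts"  # default location on Windows XP

WATCH_DOMAINS = ("forums.comodo.com", "forum.avira.com", "avira.com", "comodo.com")

SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# constructed entries for the example
127.0.0.1   forum.avira.com
127.0.0.1   www.avira.com   dl.avira.com
0.0.0.0     forums.comodo.com
192.0.2.10  dl.comodo.com    # RFC 5737 documentation address
192.0.2.10  update.example
"""


def parse_hosts(text):
    """Return (ip, hostname, lineno) for every mapping; comments and blanks skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # malformed line: the resolver ignores it, so do we
        for name in names:
            entries.append((ip, name.lower(), lineno))
    return entries


def domain_matches(host, domain):
    """True for the domain itself and any name under it."""
    return host == domain or host.endswith("." + domain)


def suspicious_entries(text, watch=WATCH_DOMAINS):
    """Mappings that override a watched domain. A clean hosts file maps no vendor
    domain at all, so every match is worth a look; loopback and unspecified targets
    are labelled 'sinkholed', any other address 'redirected'."""
    hits = []
    for ip, host, lineno in parse_hosts(text):
        if host == "localhost" or not any(domain_matches(host, d) for d in watch):
            continue
        addr = ipaddress.ip_address(ip)
        how = "sinkholed" if addr.is_loopback or addr.is_unspecified else "redirected"
        hits.append((lineno, host, ip, how))
    return hits


if __name__ == "__main__":
    import sys
    # No argument: check the constructed sample. Argument: path to a real hosts file.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for lineno, host, ip, how in suspicious_entries(text):
        print(f"line {lineno}: {host} -> {ip} ({how})")
```

On the affected machine the call would be `python hosts_check.py C:\WINDOWS\system32\drivers\etc\hosts`; a file that contains nothing but the `localhost` line reports no hits, and an empty report moves the investigation on to the firewall rules and the DNS settings.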
  4. Ok, managed to start up normally today. Did a lot of AV scans and everything came back clean. Before shutting down yesterday, I made a few changes to my Comodo firewall and some other things. I was wondering about this as well. I used to have about 60 processes running when I would check my task manager and now I only get about 55 or less. Is that normal?
  5. Ok. Thanks. Now another thing. This just started today when I got on the computer: after I log in to my account and all my things are loading, it takes a really long time to load. I get to the desktop quick enough but it takes really long to load and I can't click on the taskbar icons or the taskbar at all, can't click on the desktop icons either since it doesn't do anything. The widget that's part of the Acer system doesn't come up at all; I would just restart the computer after waiting some 20 min. Ran an MBAM scan and it came back clean, updated some of my other things; only after I had unplugged my ethernet cable and restarted would it actually finish loading my things, and here I am. Not sure what's going on, might be COMODO? It's given me some problems a few times that quickly got resolved. I think I might run an HJT just in case.
  6. Not quite, it is more like thin rectangles and no text.
  7. I've noticed something odd just recently that I hadn't seen my computer do before during boot-up. Just before I get the black Windows XP loading window, there's a small text-style progress bar and it's there for about a second. Just wondering about that.
  8. Ran a quick scan and got it too:

     Malwarebytes' Anti-Malware 1.37
     Database version: 2227
     Windows 5.1.2600 Service Pack 3
     6/4/2009 1:52:51 AM
     mbam-log-2009-06-04 (01-52-40).txt
     Scan type: Quick Scan
     Objects scanned: 89127
     Time elapsed: 6 minute(s), 18 second(s)
     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 7
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0
     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\bfast.com (Adware.BHO) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\commission-junction.com (Adware.BHO) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.com (Adware.BHO) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\fastclick.net (Adware.BHO) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\kqzyfj.com (Adware.BHO) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\linksynergy.com (Adware.BHO) -> No action taken.
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\qksrv.net (Adware.BHO) -> No action taken.
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     Haven't been infected in a long while and it hasn't been long since I reformatted and reinstalled.
  9. I had a bit of a problem last night: right after an update, I ran a quick scan and it froze up. I closed it and then reopened MBAM and it worked that time. Not sure what happened.
  10. I'm liking this new version. The quick scan, which used to take about 15 min with 1.36, now takes between 5 and 6 min. Very nice.
  11. I ran a rootkit scan just because I got the same old "e-mail" from my own e-mail address, and the last time that happened I had some hidden driver on my system. So I ran the scan and saw an entry that said mchInjDrv.sys could not be located or something like that. Just hoping someone can help me make sense of this log, as there are also a whole lot of .txt files too. After a short search on mchInjDrv.sys, it said it was a legit code injector but also used by malware. I recently did a clean re-install and have Avira, MBAM, Spybot, SpywareBlaster, ThreatFire, and Sygate Firewall and have not seen any evidence of any type of infection. Also, just recently uninstalled the ZoneAlarm suite after it caused a bit of grief and finally it had some kind of error after trying to auto-update. Thanks for any help here. Sorry, I don't think I can attach it here, so I'll keep it short and post the whole log if requested.

     GMER 1.0.15.14972 - http://www.gmer.net
     Rootkit scan 2009-05-26 21:02:14
     Windows 5.1.2600 Service Pack 3

     ---- System - GMER 1.0.15 ----
     SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF6E89B30]
     SSDT F7C7446E ZwCreateKey
     SSDT F7C74464 ZwCreateThread
     SSDT F7C74473 ZwDeleteKey
     SSDT F7C7447D ZwDeleteValueKey
     SSDT F7C74482 ZwLoadKey
     SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF6E89470]
     SSDT TfSysMon.sys (ThreatFire System Monitor/PC Tools) ZwOpenKey [0xF76F2CF4]
     SSDT F7C74450 ZwOpenProcess
     SSDT F7C74455 ZwOpenThread
     SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF6E89C50]
     SSDT F7C7448C ZwReplaceKey
     SSDT F7C74487 ZwRestoreKey
     SSDT F7C74478 ZwSetValueKey
     SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF6E89990]
     SSDT F7C7445F ZwTerminateProcess
     SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF6E89D60]

     ---- Kernel code sections - GMER 1.0.15 ----
     .text wanarp.sys F7893402 2 Bytes [90, 90] {NOP ; NOP }
     ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

     (Then there are a lot of entries like the following)

     ---- User code sections - GMER 1.0.15 ----
     .text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
     .text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F5E0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F5B0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F610F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [74, 5F] {JZ 0x61}
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [7A, 5F] {JP 0x61}
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\dllhost.exe[220] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
     .text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
     .text C:\WINDOWS\system32\dllhost.exe[220] SHELL32.dll!ShellExecuteW
     .text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
     .text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F1C0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F400F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F430F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!ShowWindow 7E42AF56 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!ShowWindow + 4 7E42AF5A 2 Bytes [7A, 5F] {JP 0x61}
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F190F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!SetWinEventHook 7E4317F7 6 Bytes JMP 5F4F0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!GetWindowTextA 7E43216B 6 Bytes JMP 5F760F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!DdeConnect 7E4581C3 6 Bytes JMP 5F460F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!EndTask 7E45A0A5 6 Bytes JMP 5F340F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!RegisterRawInputDevices 7E46CE0E 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\rundll32.exe[1884] USER32.dll!RegisterRawInputDevices + 4 7E46CE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!RegOpenKeyExA 77DD7852 6 Bytes JMP 5F5E0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 6 Bytes JMP 5F5B0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!RegSetValueExA 77DDEAE7 6 Bytes JMP 5F610F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!OpenSCManagerA 77DF69AE 3 Bytes [FF, 25, 1E]
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!OpenSCManagerA + 4 77DF69B2 2 Bytes [74, 5F] {JZ 0x61}
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F0A0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F4C0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
     .text C:\WINDOWS\system32\rundll32.exe[1884] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
     .text C:\Program Files\Java\jre6\bin\jqs.exe[1916] ntdll.dll!NtLoadDriver

     ---- Kernel IAT/EAT - GMER 1.0.15 ----
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F73478E0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F7347B10] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F7347C70] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
     IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F7347BD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

     ---- Devices - GMER 1.0.15 ----
     Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
     Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
     AttachedDevice \Driver\Tcpip \Device\Tcp TfNetMon.sys (ThreatFire Network Monitor/PC Tools)
     Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
     Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
     Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
     AttachedDevice \FileSystem\Fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

     ---- Registry - GMER 1.0.15 ----
     Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016cedff850
     Reg HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0016cedff850

     ---- EOF - GMER 1.0.15 ----
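The GMER log above attributes its kernel-level hooks (SSDT, IAT, attached devices) to named drivers, but the long "User code sections" block lists inline patches on API entry points without saying which module placed them. The useful way to read that block is by consistency: a single system-wide hooking DLL patches the same APIs to the same targets in every process, so grouping the hooks by API and target either confirms one origin or isolates the process that differs. The script below is an added example written for this page, not GMER code and not from the thread. Its sample takes a few lines verbatim from the poster's log (dllhost.exe[220] and rundll32.exe[1884]) and adds one constructed process, odd.exe[999], whose hook target differs, so the outlier check has something to report. It also reassembles the two-fragment entries: GMER prints only bytes that differ from the file on disk, so a 6-byte patch whose byte at +3 already matched appears as "3 Bytes" at +0 plus "2 Bytes" at +4; on x86, FF 25 imm32 is `jmp dword ptr [imm32]`, and the little-endian pointer slot is recovered with the untouched byte shown as `??`. Which module owns the 0x5F... region is not established by the log excerpt and is not claimed here.

```python
"""Group the inline API hooks GMER lists under 'User code sections' by process and
target, so a system-wide hooking module can be told apart from a one-process anomaly.

Added example for this page, not GMER code. Sample lines are from the poster's log
plus one constructed process (odd.exe[999]) whose target differs.
"""
import re
from collections import Counter, defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<api>[\w.]+!\w+)"
    r"(?:\s+\+\s+(?P<off>\d+))?\s+(?P<addr>[0-9A-F]{8})\s+(?P<n>\d+) Bytes\s+"
    r"(?:JMP (?P<target>[0-9A-F]{8})|\[(?P<bytes>[0-9A-F, ]+)\])"
)

SAMPLE_GMER = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[220] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\dllhost.exe[220] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[1884] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\rundll32.exe[1884] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\constructed\odd.exe[999] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 00A10000
---- Kernel IAT/EAT - GMER 1.0.15 ----
"""


def parse_gmer_hooks(text):
    """One dict per '.text' line; truncated or undecodable lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        hooks.append({
            "proc": d["proc"], "pid": int(d["pid"]), "api": d["api"],
            "off": int(d["off"] or 0), "addr": int(d["addr"], 16), "n": int(d["n"]),
            "target": d["target"],
            "bytes": [b.strip() for b in d["bytes"].split(",")] if d["bytes"] else None,
        })
    return hooks


def merge_split_patches(hooks):
    """Reassemble fragments of one patch (same process and API, different offsets).
    FF 25 imm32 is x86 `jmp dword ptr [imm32]`; the pointer slot is rebuilt
    little-endian with bytes GMER did not print left as '??'."""
    parts_by_hook = defaultdict(dict)
    for h in hooks:
        parts_by_hook[(h["proc"], h["pid"], h["api"])][h["off"]] = h
    merged = []
    for (proc, pid, api), parts in parts_by_hook.items():
        base = parts.get(0)
        if base is None:
            continue
        entry = {"proc": proc, "pid": pid, "api": api}
        if base["target"]:                       # GMER already decoded a JMP
            entry.update(kind="jmp", target=base["target"])
        else:
            pattern = ["??"] * 6
            for off, part in parts.items():
                pattern[off:off + part["n"]] = part["bytes"]
            pattern = pattern[:6]
            if pattern[:2] == ["FF", "25"]:
                entry.update(kind="jmp_indirect", target="".join(reversed(pattern[2:6])))
            else:
                entry.update(kind="patch", target=" ".join(pattern))
        merged.append(entry)
    return merged


def hook_targets_by_api(merged):
    """api -> {target -> set of (proc, pid)}"""
    table = defaultdict(lambda: defaultdict(set))
    for h in merged:
        table[h["api"]][h["target"]].add((h["proc"], h["pid"]))
    return table


def outliers(merged):
    """APIs whose target is not the same in every hooked process; the minority
    targets and their processes are returned, since those are the ones to pull a
    module list for."""
    out = {}
    for api, targets in hook_targets_by_api(merged).items():
        if len(targets) > 1:
            majority = max(targets, key=lambda t: len(targets[t]))
            out[api] = {t: sorted(procs) for t, procs in targets.items() if t != majority}
    return out


def target_prefixes(merged):
    """Count hooks by the top byte of their target: hooks that all land in one
    16 MiB range almost certainly come from one module image."""
    return Counter(h["target"][:2] for h in merged)


if __name__ == "__main__":
    merged = merge_split_patches(parse_gmer_hooks(SAMPLE_GMER))
    for h in merged:
        print(f"{h['proc']}[{h['pid']}] {h['api']:<34} {h['kind']: <12} {h['target']}")
    print("targets by top byte:", dict(target_prefixes(merged)))
    print("outliers:", outliers(merged))
```

On the full log the interesting output is the prefix count (every decoded target in the excerpt starts with 0x5F) together with an empty outlier set; the next step on the machine itself is to list the modules loaded in one of those processes and see which image is mapped at 0x5F000000, which the log excerpt does not show.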
  12. I recently did a reinstall of the OS on my computer; just after I installed PC Tools Firewall Plus I've been having right-click problems. Whenever I right-click on a folder, the hourglass icon comes up and nothing happens. At the same time I can't click on anything else and have to manually shut down the computer. As it is shutting down, a window says that Explorer.exe is not responding. I'm wondering what the problem might be. Thanks for any info on this.
  13. Thanks for the info. I always back up my files (pics,music,vids) so being destructive isn't bad for me other than having to reinstall a few programs. I think that's my only option, my computer is from '05 I think.
  14. Hey everybody, just came in with a quick question. Anyone familiar with Acer e-recovery? Now I've used Acer e-recovery before but can't remember much about it since it was quite some time ago. I wanted to know if "restoring things back to default setting" meant doing a complete clean-out of the HD and then a fresh re-install of the OS and Acer software? Still have the e-recovery disks I burned when I first got my computer and wanted to keep them handy just in case I got a bad infection on my machine and had to reformat and do a clean reinstall. Thanks for any help.
  15. Thank you for your help. I seem to have gotten another e-mail again. Should I be worried? Also it seems that my AVG couldn't auto-update so I did it manually, but I manually update every day.